Privacy and Cookies

Privacy

Cookies

A bit about cookies

HTTP Cookies, or ‘cookies’ as they are generally known, are small text files that are placed on your computer's hard drive or memory by your web browser when you visit websites that use cookies.

Most modern websites use cookies to ensure that their website’s visitors have the best online experiences possible, and we use cookies for these very purposes.

Definitions

Session cookies

A ‘session cookie’ or ‘temporary cookie’ is stored within your computer‘s memory, and will only remain there for a single session - ie the duration of a single visit to a website.

Session cookies use unique session identifiers to establish your session and enable the website owner to provide certain features and functionality that will make your experience of the website better as you navigate through different web pages.

Persistent cookies

Persistent cookies are stored on your computer's hard drive. Persistent cookies store useful information, such as user preferences, language or geographical location and serve as pointers. After visiting a website for the first time, on each subsequent visit, the data stored is sent via your web browser to the website’s server, enabling it to “remember” this information each time you visit the website.

Secure cookies

Secure cookies are used for encrypted communications that share sensitive data, such as financial transactions or submitting personal information. A secure cookie can be either temporary or persistent; it simply provides additional security.

First-party cookies

First-party cookies are cookies set by websites when you visit them directly and are generally used to improve the visitor’s experience. These can be temporary cookies, persistent cookies or both, depending on the functionality of the website.

Third-party cookies

Third-party cookies are cookies set by websites other than the website being visited. These cookies are generally used for advertising purposes; they provide advertisers with information, such as how many times a web page displaying a specific advertisement was loaded. These can be temporary cookies, persistent cookies or both, depending on the functionality of the website.

Debunking a few cookie myths

Cookies do not contain software.

Cookies do not contain viruses.

Cookies do not spontaneously launch applications on your computer.

Cookies should not contain any personally identifiable information.

Cookies rarely contain useful information on their own, as they work in combination with your browser and the website’s database.

The cookie monster is not real.

The cookies we use

The cookies we use are an integral part of how our websites works and enable us to provide a better online experience for our website visitors. Importantly, cookies enable our users to set accessibility preferences on our Website without having to register or log in.

We also use Google Analytics cookies, which collect anonymous information, such as how many people visit our websites, which web pages they visit and how long they visit for. Google kindly offer the Google Analytics service free of charge and the information we collect is invaluable for making our Website the best it can be.

Cookie intrusiveness

In order to ensure that your privacy is being protected, we have assessed ‘cookie intrusiveness’, which determines the risk of intrusion a certain type or use of cookie that places on your privacy.

Intrusiveness Legend

Level of Intrusiveness

ID

None

0

Negligible

1

Minimal

2

Moderate

3

Considerable

4

High

5

Intrusiveness by function

Category

ID

Level of Intrusiveness

Strictly necessary

0

None

Website functionality

1

Negligible

Website preferences

1

Negligible

CMS member access

1

Negligible

CMS administration

1

Negligible

Analytics

2

Minimal

Social media

3

Moderate

Third-party functionality

4

Considerable (we do not use these)

Targeted advertising

5

High (we do not use these)

Severn Postgraduate Medical Education cookies: details

A list of the cookies used on all severndeanery.org.uk websites and detailed information about what they are used for are contained in the tables below. We use a Content Management System (CMS) to maintain the Deanery website.

Non-CMS Cookies: Google Analytics

Cookie Name

Duration Type

Owner Type

Expiry

Data Stored

Level

__utma

Persistent

First-party

730 days

Initially a Unique Client ID is stored; subsequently, the number of visits, and the time of the first, previous and current visit.

2

__utmb

Temporary

First-party

30 mins

Duration of visit

2

__utmc

Temporary

First-party

1 session

Duration of visit

2

__utmz

Persistent

First-party

180 days

Referral data: where the user came from.

2

CMS Cookies: All Users

Cookie Name

Duration Type

Owner Type

Expiry

Data Stored

Level

PHPSESSID

Temporary

First-party

1 session

Unique Session ID

1

PageCommentInterface_Name

Persistent

First-party

90 days

Name, as per user input. Users are not required to disclose their real name and can comment anonymously.

1

CMS Cookies: Registered Users

Cookie Name

Duration Type

Owner Type

Expiry

Data Stored

Level

PastMember

Persistent

First-party

90 days

Value = 1

1

alc_enc

Persistent

First-party

90 days

Unique Member ID

1

$login_marker_cookie

n/a

n/a

1 session

n/a

0

CMS Cookies: Administrative Users

Cookie Name

Duration Type

Owner Type

Expiry

Data Stored

Level

bypassStaticCache

Temporary

First-party

1 session

Value = 1

1

siteTreeFutureState

Temporary

First-party

1 session

Value = 1

0

Severn Postgraduate Medical Education Cookies: Purposes

Non-CMS Cookies: Google Analytics

Cookie Name

Purpose

__utma

When users visit the Deanery website for the first time, the __utma cookie is used to identify each unique visitor, as determined by the user's client. The __utma cookie is subsequently used to track user visits and activity on to the Deanery website over time.

__utmb

The __utmb cookie is used to establish and maintain a single user session, and to measure the duration of each session. The __utmb cookie will remain operative whilst the user is active on the Deanery website. If the user is inactive for 30 minutes, the cookie will expire and the session will be determined as completed for analytics purposes.

__utmc

The __utmc cookie works in conjunction with the __utmb cookie to establish and maintain a single session.

__utmz

The __utmz cookie is used to determine the "referral type" - the route the user took to get to the Deanery website. For example, whether the user entered the Deanery url directly into their browser, they did a Google Search, they clicked on a link on another website and suchlike.

CMS Cookies: All Users

Cookie Name

Purpose

PHPSESSID

The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. On the Postgraduate medical Education website it is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie. As the PHPSESSID cookie has no timed expiry, it disappears when the client is closed. The use of the PHPSESSID cookie is highly embedded in the SilverStripe CMS and is a central part of the working of the system; initiating a session is one of the first things SilverStripe does when a web page is requested. The PHP Session::start() command that sets the cookie is invoked from the programme main.php, which is part of SilverStripe’s core code. In addition, SilverStripe utilises the PHP session for many of its features. On the Deanery website, the accessibility style switcher uses the PHP session to maintain state and would not function as intended without the PHPSESSID cookie being set. The security for the registration form relies on the PHP session and, as there are no specific cookies used to pass login state data, user logins are preserved through the session. The page view history for logged in users is initially recorded as an array in the PHP session and requires the PHPSESSID cookie to be set in order to function.

CMS Cookies: Registered Users

Cookie Name

Purpose

PastMember

This cookie is set at registration and/or login. It is set to denote that a user who is, or was, logged in through a unique client is a registered user of the Deanery websites. The function that sets this cookie also updates the LastVisited timestamp in the registered user‘s record. As the cookie has a 90 day duration, if 90 days have elapsed between registration and login or between logins, the cookie will disappear and be reset the next time the user logs in.

alc_enc

This cookie is used for auto-login; this occurs if the client is closed and then re-opened, so if the user was logged in at the time that the client closed, they get logged in again automatically. This cookie is set if the "remember me" checkbox is checked at login.

$login_marker_cookie

Although this is not an actual cookie, but a placeholder that works in conjunction with the session cookie The CMS uses this code to set a session cookie to "1" whenever a user logs in. This allows Apache's mod_rewrite to detect whether a user is logged in or not and alters behaviour accordingly.

CMS Cookies: Administrative Users

Cookie Name

Purpose

bypassStaticCache

Static caching stores static data locally on a user’s machine in order to increase the speed of delivering web pages. Static data that does not change is only delivered to the user once and not every time they visit the web page. The bypassStaticCache cookie on the Deanery website is used within the CMS administration system only. CMS administration utilises Stages for content creation and approval before the content is published to the live website; when a CMS administrative user is reviewing new content in the Draft version of the website, the bypassStaticCache cookie is set to ensure that the user is reviewing the latest content.

Most internet browsers accept cookies automatically, but they also provide means to delete cookies and prevent them from being set.It’s your choice

Some browsers also provide a Do Not Track (DNT) facility, intended to stop you from being tracked and subsequently served targeted advertising. As all browsers do things differently, please refer to the website of the browser you use for more information.

Do Not Track (DNT)

Cookies consent

Acceptance

Severn Postgraduate Medical Education's policy on cookies is one of implied consent; it is understood that, having provided you with transparent and accurate information about our use of cookies, how to control and delete cookies and the impact this will have on your use of our Website, you have the tools to make an informed decision about whether or how you choose to interact with our Website. As such, your continued use of our Website is accepted as your consent to our use of cookies.

Non-acceptance

If you do not accept our use of cookies, you can;

continue to use our Websites without cookies, on the understanding of the limitations this may place on functionality, or;

not use our Websites and delete any cookies we may have set once you have left our Website.

Privacy and other technologies

Although Severn Postgraduate Medical Education only use first-party cookies, there are other technologies used to store data on your computer or mobile device to track behaviour. Some of the existing and emerging technologies include:

Flash cookies (FlashLocallyStoredObjects)

Web beacons

HTML5 storage

Web/DOM storage

Indexed Database API

Local data storage in mobile applications

One more thing

At present, there are no mechanisms that ensure total anonymity on the Internet. Disabling cookies and using DNT will not prevent you from being trackable, as the following data remains available: